Help with Startpage Trojan
Old 10-27-2007, 01:16 PM   #1
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
Help with Startpage Trojan

After having my Dell laptop running XP Pro for a month, I got Trojan Startpage.BZP. When I ran Windows 2000 for over 7 years, I don't recall having my system infected.
It comes up when I either start Firefox or Thunderbird and when I close Thunderbird. My AVG AT 7.5 detects it but all I can do is heal it, every time I run these programs.
I couldn't find any reference on Google, Symantec, McAfee or AVG for this specific Trojan. I did find other Startpage trojans but these affect the IE start page. I don't use IE.

Can someone give me a clue on how to rid my laptop of this pest?

Boy, I am beginning to dislike XP.

MJ
__________________
I look to the present moment because that's where I live my life.
MJ is offline  
Old 10-27-2007, 03:04 PM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,644
Have you tried starting in safe mode and then running AVG?
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now  
Old 10-27-2007, 05:50 PM   #3
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
Quote:
Originally Posted by donheff View Post
Have you tried starting in safe mode and then running AVG?
Yeah but AVG found no threats. I did a search for this trojan but can't find it so I don't know where it is.

What a pain in the butt!

MJ
__________________
I look to the present moment because that's where I live my life.
MJ is offline  
Old 10-27-2007, 08:40 PM   #4
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
I don't understand why, if AVG recognized this trojan, it allowed the trojan to infect my system. Now, it's telling me after the fact that I have this trojan. I also schedule an AVG download/update every 2 hours so I should have the latest protection on my system. Perhaps this is a very new trojan. Lucky me.

MJ
__________________
I look to the present moment because that's where I live my life.
MJ is offline  
Old 10-27-2007, 09:43 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Ed_The_Gypsy's Avatar
 
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,293
I am more than ever motivated to move to FreeBSD.
__________________
my bumpersticker:
"I am not in a hurry.
I am retired.
And I don't care how big your truck is."
Ed_The_Gypsy is offline  
Old 10-27-2007, 09:52 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
cute fuzzy bunny's Avatar
 
Join Date: Dec 2003
Location: Losing my whump
Posts: 22,697
AVG might not be fully effective against some threats. Not the first time I've heard that it whiffed on something.

Try downloading and running Windows Defender, then run it alongside AVG. Defender is the technology that's embedded in Vista.

http://www.microsoft.com/athome/secu...e/default.mspx

As a last ditch effort, look up the stuff on Symantec's website on the generic Startpage malignancy and follow its instructions for removal...it involves deleting some stuff in various places just to make sure the thing is ferreted out.
__________________
Be fearful when others are greedy, and greedy when others are fearful. Just another form of "buy low, sell high" for those who have trouble with things. This rule is not universal. Do not buy a 1973 Pinto because everyone else is afraid of it.
cute fuzzy bunny is offline  
Old 10-28-2007, 04:24 AM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Feb 2007
Posts: 5,072
Have you tried a spyware remover?

Here is a tip on the spyware stuff. If you do not follow the instructions exactly, the spyware will survive after you run the clean.

I have had spyware that required me to take some steps and I did not follow them exactly and it survived. Case in point, the spyware would reestablish itself because I did not follow a specific manual step that was indicated... I overlooked it the first time.
__________________
chinaco is offline  
Old 10-28-2007, 10:02 AM   #8
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
Neither Spybot nor Windows Defender detected the hidden trojan.

The Symantec instructions appear to be rather old and refer to names that don't exist on XP SP2.

What disturbs me is that I cannot find any information on this trojan .BZP, so would the various removal instructions I find on Google remove it?

Also I did mention that these Startpage trojans supposedly change the start page of IE. Although I don't use IE, I started it and saw no page change nor did I get an AVG trojan alert. I just get the alert when I start Thunderbird and Firefox and when I close Thunderbird.

MJ
__________________
I look to the present moment because that's where I live my life.
MJ is offline  
Old 10-28-2007, 11:06 AM   #9
Thinks s/he gets paid by the post
 
Join Date: Jan 2004
Posts: 2,049
Is it a false positive? Can you re-install Firefox?

You can try "Hijack This" also. It's for the more advanced user, but the Hijack community is friendly and will help you understand the output.
__________________
eridanus is offline  
Old 10-28-2007, 11:23 AM   #10
Administrator
Janet H's Avatar
 
Join Date: Feb 2007
Location: Pacific NW
Posts: 4,956
Try uninstalling Firefox and then load a new version, see if this helps. You also might try a program called Spyware Doctor - you can get a free download. It's pretty good with these kinds of threats.
__________________
Janet H is offline  
Old 10-28-2007, 12:27 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,282
Quote:
Originally Posted by Ed_The_Gypsy View Post
I am more than ever motivated to move to FreeBSD.
What's stopping you? Looking at threads like this makes me glad I have never had to deal with any of this.

More info here:

Apple - Mac OS X Leopard - Technology - Security

-ERD50
__________________
ERD50 is offline  
Old 10-28-2007, 06:38 PM   #12
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
This trojan seems to be attacking the 2 Mozilla applications which I thought were more resilient to bug attacks.

I will probably reload both apps, though I suspect the trojan is hiding outside of them.

MJ
__________________
I look to the present moment because that's where I live my life.
MJ is offline  
Old 10-29-2007, 01:31 AM   #13
Confused about dryer sheets
 
Join Date: Oct 2007
Posts: 1
I upgraded my Miranda IM on Friday to v0.7.1 (I use MirandaPortable and copied the files from the regular installed version to that folder so I can also use it on my flashdrive) and then this morning immediately when I opened it, AVG popped up and told me that it found .....\Locals~1\temp\nso164.tmp\registry.dll - Trojan horse Startpage.BZP. Now I don't know if this is a coincidence or if Miranda really has been compromised (that temp folder mentioned only contains 3 other files - all related to MirandaPortable)... or maybe it's just AVG giving a false positive... anyone with answers?
__________________
neels is offline  
Old 10-29-2007, 08:03 AM   #14
Confused about dryer sheets
 
Join Date: Oct 2007
Posts: 2
I'm having this same problem with Thunderbird Portable. I think the bug is with AVG and that this isn't actually a threat. The virus scans don't pick it up because it's a temp file. The file's only there when you open that particular program. Mine's for a temp registry file and pops up with the splash screen of Thunderbird.

I also tried backup copies of Thunderbird on other flash drives and other computers that use AVG and all had the same issue. It seems unlikely that they all got infected with the same virus at the same time.

Keep this thread posted if you guys figure anything out. It's really annoying to have virus alerts pop up every time you open your email.
__________________
dan96max is offline  
Old 10-29-2007, 08:07 AM   #15
Thinks s/he gets paid by the post
 
Join Date: Jun 2005
Posts: 4,005
Try using System Restore and go back to a previous save point until the trojan problem goes away.

Or the old fallback should work: reinstall the operating system and start from scratch. Make sure to format the hard drive.
__________________
justin is offline  
Old 10-29-2007, 08:34 AM   #16
Thinks s/he gets paid by the post
 
Join Date: Jun 2006
Posts: 1,666
First guess is it is a false positive. You can also try Trend Micro's 'Housecall'. It is a free online scanner (Antivirus & Content Security Software | Securing Your Web World: - Trend Micro USA) which does a pretty good job.
I don't think FF is any more secure than IE, it is just not as big a target. Once it gets bigger than IE (which I expect to happen) it will have many more people gunning for it.
__________________
"We do not inherit the earth from our ancestors, we borrow it from our children.
(Ancient Indian Proverb)"
Zathras is online now  
Old 10-29-2007, 08:50 AM   #17
Confused about dryer sheets
 
Join Date: Oct 2007
Posts: 2
What OS are you guys on that are having the problem? Seems to only be happening on my Vista machines. I just tried it on an XP machine with the latest AVG updates and everything was fine, no virus warnings at all.

A full format is a little extreme for this problem though and may or may not fix it. When doing these other virus scans, make sure the program is running and you hit ignore when AVG pops up the virus warning. This way the temp file is still there for the other virus scanner to find. I'm going to try a few today and see if I have any luck.
__________________
dan96max is offline  
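
Added example, not part of any post in this thread: a Python sketch of the approach described in posts #14 and #17, keeping a copy of files that exist in the temp folder only while the program is running so that another scanner can examine them, with a SHA-256 digest for comparing the file across computers. The keep folder location and the `.sample` suffix are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(temp_dir):
    """Return the set of files currently present under temp_dir."""
    return {p for p in Path(temp_dir).rglob("*") if p.is_file()}


def capture_new_files(temp_dir, before, keep_dir):
    """Copy files that appeared after `before` into keep_dir.

    Returns {path relative to temp_dir: SHA-256 hex digest}.
    """
    temp_dir, keep_dir = Path(temp_dir), Path(keep_dir)
    keep_dir.mkdir(parents=True, exist_ok=True)
    captured = {}
    for path in sorted(snapshot(temp_dir) - before):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # already deleted, or locked by the resident scanner
        rel = path.relative_to(temp_dir)
        # Flatten the name and add ".sample" so the copy is never loaded by mistake.
        (keep_dir / ("_".join(rel.parts) + ".sample")).write_bytes(data)
        captured[rel.as_posix()] = hashlib.sha256(data).hexdigest()
    return captured


if __name__ == "__main__":
    temp = Path(tempfile.gettempdir())
    keep = Path.home() / "captured_temp_files"  # assumed location, outside temp
    before = snapshot(temp)
    input("Start the program that triggers the alert, then press Enter... ")
    for name, digest in capture_new_files(temp, before, keep).items():
        print(digest, name)
```

The same digest on every computer means the same file is being unpacked on each of them; the copies in the keep folder are what a second scanner can be pointed at.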
Old 10-29-2007, 08:50 AM   #18
Thinks s/he gets paid by the post
Jay_Gatsby's Avatar
 
Join Date: Oct 2004
Posts: 1,719
What about using Trojan Hunter?
__________________
He had one of those rare smiles with a quality of eternal reassurance in it . . . It faced, or seemed to face, the whole external world for an instant and then concentrated on you with an irresistible prejudice in your favor. -- The Great Gatsby, F. Scott Fitzgerald
Jay_Gatsby is offline  
Old 10-29-2007, 08:54 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,282
Quote:
Originally Posted by Zathras View Post
I don't think FF is any more secure than IE, it is just not as big a target.
According to wiki/CERT, FF is more secure. I wish they gave a number, I don't know how significant 'not as many' is?

-ERD50

Quote:
Like other browsers, Firefox too has had a number of vulnerabilities that have affected its security, although according to CERT, not as many as Internet Explorer.
__________________
ERD50 is offline  
Old 10-29-2007, 09:22 AM   #20
Thinks s/he gets paid by the post
 
Join Date: Mar 2004
Posts: 2,083
Quote:
Originally Posted by dan96max View Post
I'm having this same problem with Thunderbird Portable. I think the bug is with AVG and that this isn't actually a threat. The virus scans don't pick it up because it's a temp file. The file's only there when you open that particular program. Mine's for a temp registry file and pops up with the splash screen of Thunderbird.
You might be right.
Unless the trojan went to sleep, this morning when I restarted both Firefox and Thunderbird, I didn't get the AVG alert message. What is also strange is a program that was in memory, rundll32.exe, which several sites recommended to end (which I did), is not in memory at this time. I was never able to find it on my drive as well. For me, outside of the AVG threat alert, I never noticed that it affected me (yet).

MJ
__________________

__________________
I look to the present moment because that's where I live my life.
MJ is offline  
All times are GMT -6.